Puppet Enterprise 2019.7.0

CPE Details

Puppet Enterprise 2019.7.0
2019.7.0
2022-01-24
15h35 +00:00
2022-01-24
15h43 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:puppet:puppet_enterprise:2019.7.0:*:*:*:*:*:*:*

Informations

Vendor

puppet

Product

puppet_enterprise

Version

2019.7.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5309 2023-11-07 19h01 +00:00 Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
9.8
Critique
CVE-2021-27023 2021-11-18 13h33 +00:00 A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007
9.8
Critique
CVE-2021-27025 2021-11-18 13h30 +00:00 A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
6.5
Moyen
CVE-2021-27026 2021-11-18 13h27 +00:00 A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
4.4
Moyen
CVE-2021-27022 2021-09-07 11h03 +00:00 A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes).
4.9
Moyen
CVE-2021-27019 2021-08-30 15h56 +00:00 PuppetDB logging included potentially sensitive system information.
4.3
Moyen
CVE-2021-27020 2021-08-30 15h56 +00:00 Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
8.8
Haute
CVE-2021-27021 2021-07-20 08h44 +00:00 A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
8.8
Haute